Delphi ActiveX
Delphi ActiveX
Signed Zip as Base64 with XAdES-BES
See more XAdES Examples
This example is to help companies implement a solution for sending XAdES-BES to the Polish government for reporting purposes. Specifically:Przed podpisaniem deklaracja zbiorcza (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) musi zostać
umieszczona w archiwum ZIP. W tym przypadku, podpisywany jest plik archiwum ZIP,
przyjmujący w podpisie XAdES-BES formę zakodowaną base64.
The example demonstrates the following:
- Zip an XML file (PIT-11Z.xml is zipped to PIT-11Z.zip)
- Create XML to be signed, where the XML contains the base64 encoded content of the PIT-11Z.zip archive.
- XAdES-BES sign the XML containing the base64 zip.
This example will also show the reverse:
- Verify the signed XML.
- Extract the PIT-11z.zip from the signed XML.
- Unzip the PIT-11Z.zip to get the original PIT-11Z.xml
Chilkat Delphi ActiveX Downloads
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;
...
procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
sbXmlToZip: TChilkatStringBuilder;
zip: TChilkatZip;
bdZip: TChilkatBinData;
gen: TChilkatXmlDSigGen;
object1: TChilkatXml;
cert: TChilkatCert;
sbXml: TChilkatStringBuilder;
verifier: TChilkatXmlDSig;
verified: Integer;
xml: TChilkatXml;
strZipBase64: WideString;
entry: TChilkatZipEntry;
origXml: WideString;
begin
success := 0;
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Zip the PIT-11Z.xml to create PIT-11Z.zip (not as a .zip file, but in-memory).
sbXmlToZip := TChilkatStringBuilder.Create(Self);
success := sbXmlToZip.LoadFile('qa_data/xml/PIT-11Z.xml','utf-8');
if (success <> 1) then
begin
Memo1.Lines.Add('Failed to load the XML to be zipped.');
Exit;
end;
zip := TChilkatZip.Create(Self);
// Initialize the zip object. No file is created in this call.
// It should always return 1.
success := zip.NewZip('PIT-11Z.zip');
// Add the XML to be zipped.
zip.AddSb('PIT-11Z.xml',sbXmlToZip.ControlInterface,'utf-8');
// Write the zip to a BinData object.
bdZip := TChilkatBinData.Create(Self);
zip.WriteBd(bdZip.ControlInterface);
// The contents of the bdZip will be retrieved in base64 format when needed below..
gen := TChilkatXmlDSigGen.Create(Self);
gen.SigLocation := '';
gen.SigLocationMod := 0;
gen.SigId := 'Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19';
gen.SigNamespacePrefix := 'ds';
gen.SigNamespaceUri := 'http://www.w3.org/2000/09/xmldsig#';
gen.SigValueId := 'SignatureValue_2a8df7f8-b958-40cc-83f6-edb53b837347_52';
gen.SignedInfoId := 'SignedInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_41';
gen.SignedInfoCanonAlg := 'C14N';
gen.SignedInfoDigestMethod := 'sha1';
// Set the KeyInfoId before adding references..
gen.KeyInfoId := 'KeyInfo_2a8df7f8-b958-40cc-83f6-edb53b837347_24';
// Create an Object to be added to the Signature.
object1 := TChilkatXml.Create(Self);
object1.Tag := 'xades:QualifyingProperties';
object1.AddAttribute('xmlns:xades','http://uri.etsi.org/01903/v1.3.2#');
object1.AddAttribute('Id','QualifyingProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_43');
object1.AddAttribute('Target','#Signature_2a8df7f8-b958-40cc-83f6-edb53b837347_19');
object1.UpdateAttrAt('xades:SignedProperties',1,'Id','SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e');
object1.UpdateAttrAt('xades:SignedProperties|xades:SignedSignatureProperties',1,'Id','SignedSignatureProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_0a');
// Chilkat will replace the strings "TO BE GENERATED BY CHILKAT" with actual values when the signature is created.
object1.UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningTime','TO BE GENERATED BY CHILKAT');
// Note: It may be that http://www.w3.org/2001/04/xmlenc#sha256 is needed in the following line instead of http://www.w3.org/2000/09/xmldsig#sha1
object1.UpdateAttrAt('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestMethod',1,'Algorithm','http://www.w3.org/2000/09/xmldsig#sha1');
object1.UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:CertDigest|ds:DigestValue','TO BE GENERATED BY CHILKAT');
object1.UpdateChildContent('xades:SignedProperties|xades:SignedSignatureProperties|xades:SigningCertificateV2|xades:Cert|xades:IssuerSerialV2','TO BE GENERATED BY CHILKAT');
object1.UpdateAttrAt('xades:SignedProperties|xades:SignedDataObjectProperties',1,'Id','SignedDataObjectProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4b');
object1.UpdateAttrAt('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat',1,'ObjectReference','#Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27');
object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:Description','MIME-Version: 1.0' + #13#10 + 'Content-Type: application/zip' + #13#10 + 'Content-Transfer-Encoding: binary' + #13#10 + 'Content-Disposition: filename="PIT-11Z.zip"');
object1.UpdateAttrAt('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier',1,'Qualifier','OIDAsURI');
object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Identifier','http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1');
object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:Description','Opis formatu dokumentu oraz jego pelna nazwa');
object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:ObjectIdentifier|xades:DocumentationReferences|xades:DocumentationReference','http://www.certum.pl/OIDAsURI/signedFile.pdf');
object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:DataObjectFormat|xades:MimeType','application/zip');
object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:CommitmentTypeId|xades:Identifier','http://uri.etsi.org/01903/v1.2.2#ProofOfApproval');
object1.UpdateChildContent('xades:SignedProperties|xades:SignedDataObjectProperties|xades:CommitmentTypeIndication|xades:AllSignedDataObjects','');
object1.UpdateAttrAt('xades:UnsignedProperties',1,'Id','UnsignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_55');
// Emit XML in compact (single-line) format to avoid whitespace problems.
object1.EmitCompact := 1;
gen.AddObject('',object1.GetXml(),'','');
// Create an Object to be added to the Signature.
// This is where we add the base64 representation of the PIT-11Z.zip
gen.AddObject('Object1_2a8df7f8-b958-40cc-83f6-edb53b837347',bdZip.GetEncoded('base64'),'','http://www.w3.org/2000/09/xmldsig#base64');
// -------- Reference 1 --------
gen.AddObjectRef('Object1_2a8df7f8-b958-40cc-83f6-edb53b837347','sha1','C14N_WithComments','','');
gen.SetRefIdAttr('Object1_2a8df7f8-b958-40cc-83f6-edb53b837347','Reference1_2a8df7f8-b958-40cc-83f6-edb53b837347_27');
// -------- Reference 2 --------
gen.AddObjectRef('SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e','sha1','','','http://uri.etsi.org/01903#SignedProperties');
gen.SetRefIdAttr('SignedProperties_2a8df7f8-b958-40cc-83f6-edb53b837347_4e','SignedProperties-Reference_2a8df7f8-b958-40cc-83f6-edb53b837347_28');
// Provide a certificate + private key. (PFX password is test123)
cert := TChilkatCert.Create(Self);
success := cert.LoadPfxFile('qa_data/pfx/cert_test123.pfx','test123');
if (success = 0) then
begin
Memo1.Lines.Add(cert.LastErrorText);
Exit;
end;
gen.SetX509Cert(cert.ControlInterface,1);
gen.KeyInfoType := 'X509Data';
gen.X509Type := 'Certificate';
// This will be an enveloping signature where the Signature element
// is the XML document root, the signed data is contained within Object
// tag(s) within the Signature.
// Therefore, pass an empty sbXml to CreateXmlDsigSb.
sbXml := TChilkatStringBuilder.Create(Self);
// The Polish government's XmlDSig implementation requires that we reproduce an attribute-sorting error.
// (This is an error in the XML canonicalization that is not noticed when both the signature-creation code and signature-verification code use
// the same XML canonicalization implementation w/ the bug.)
gen.Behaviors := 'AttributeSortingBug,CompactSignedXml';
// Sign the XML...
success := gen.CreateXmlDSigSb(sbXml.ControlInterface);
if (success = 0) then
begin
Memo1.Lines.Add(gen.LastErrorText);
Exit;
end;
// -----------------------------------------------
// Save the signed XML to a file.
success := sbXml.WriteFile('qa_output/signedXml.xml','utf-8',0);
Memo1.Lines.Add(sbXml.GetAsString());
// ----------------------------------------
// Verify the signature we just produced...
verifier := TChilkatXmlDSig.Create(Self);
success := verifier.LoadSignatureSb(sbXml.ControlInterface);
if (success = 0) then
begin
Memo1.Lines.Add(verifier.LastErrorText);
Exit;
end;
verified := verifier.VerifySignature(1);
if (verified <> 1) then
begin
Memo1.Lines.Add(verifier.LastErrorText);
Exit;
end;
Memo1.Lines.Add('This signature was successfully verified.');
// ------------------------------------
// Finally, let's extract the .zip from the signed XML, and then unzip the original PIT-11Z.xml from the in-memory zip.
xml := TChilkatXml.Create(Self);
xml.LoadSb(sbXml.ControlInterface,1);
// The base64 image of the PIT-11Z.zip is in the 2nd ds:Object child of the ds:Signature (the ds:Signature is the root element of the signed XML).
// (ds:Object[0] would be the 1st ds:Object child. Index 1 is the 2nd ds:Object child.)
strZipBase64 := xml.GetChildContent('ds:Object[1]');
bdZip.Clear();
bdZip.AppendEncoded(strZipBase64,'base64');
if (bdZip.NumBytes = 0) then
begin
Memo1.Lines.Add('Something went wrong.. we dont'' have any data..');
Exit;
end;
success := zip.OpenBd(bdZip.ControlInterface);
if (success = 0) then
begin
Memo1.Lines.Add(zip.LastErrorText);
Exit;
end;
// Get the 1st file in the zip, which should be the PIT-11Z.xml
entry := TChilkatZipEntry.Create(Self);
success := zip.EntryAt(0,entry.ControlInterface);
if (success = 0) then
begin
Memo1.Lines.Add('Zip contains no files...');
Exit;
end;
// Get the XML:
origXml := entry.UnzipToString(0,'utf-8');
Memo1.Lines.Add('Original XML extracted from base64 zip:');
Memo1.Lines.Add(origXml);
end;